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1. INTRODUCTION 

Cloud computing is a contemporary technology which gives convenient to on-demand network access 
for sharing and pooling of resources on the network like storage servers and different application services for 
both application and hardware. The application serves as facilities on the internet with the hardware and system 
software work in the data centers for storage and other applications. People are adopting new technology to 
achieve their required goals [1]. Cloud computing allows people to get a huge amount of data at high speed 
and large memory storage. Cloud data center consists of physical and virtual infrastructure resources which 
include servers, virtual machines (VMs), network infrastructure, and different resources [2]. Data centers (DC) 
are normally used to control various activities such as VM creation and destruction, routing of the user request, 
network management, resource utilization, and load balancing technique. Cloud computing architecture 
comprises of two main parts which are front end and back end where different components in term of storage, 
runtime, service and security work in back-end application and service work in front end [3], [4]. Cloud 
computing architecture consists of four layers. All layers are important due to their different operation and 
connectivity with each other. Different layers play important role for cloud computing. There are four types of 
cloud computing which are used in different field of life with specific rule and respective. Cloud computing is 
a general term for anything that involves in delivering hosted services over the internet. Cloud providers are 
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competing with each other and they constantly expand their services in order to differentiate themselves [5], 
[6]. Figure 1 present the structure of cloud computing. Cloud computing is named as such because the 
information being accessed is found remotely in the cloud or a virtual space. Cloud computing has succeeded 
in bringing change in different field of life. Main characteristic of cloud computing are availability, scalability, 
cloud security, cloud automation and virtualization [7]. Approval rating of cloud computing as an emerging 
technology has been enhanced significantly and these days, there are many cloud storage and computing 
providers who offer their services regarding IaaS, PaaS, and SaaS. Despite these considerable benefits there 
are serious concerns and challenges about this new technology [8]. Which are mention in Table 1 and 
Figure 2. Table 1 present all those challenges which are facing by cloud computing but one of the main issues 
is security in cloud computing. In this paper we cover all those security issues and their improvement technique 
for cloud computing. 
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Figure 1. Structure of cloud computing 
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Table 1. Cloud computing challenges 


Cloud computing Challenges 
Reliability Possibility of failure in stand period of time 
Interoperability Lack of standards for service portability between cloud providers 
Energy saving Defining a standard metric for effective power usage and an efficient standard of infrastructure usage 
Resiliency The ability of the system to provide users with standard level of services while 
Resource monitoring Lack of accurate monitoring mechanism using sensors to collect the data from CPU load, memory 
Load balancing Lack of standard way of load monitoring and load management for different cloud applications 
Security Need improvement in security at different level of cloud computing [9] 


2. INTERNET OF THINGS 

Internet of thing (IoT) consists of self-configuration node they are connected with dynamic and with 
global network infrastructure. It comprises of small thing with limited storage and processing system. IoT 
refers a broad vision. Thing such ways that every day object is place environment are interconnected with each 
other with the help of internet [10]. As we know that IoT is important source of big data. Smart city is the main 
scores of data like industry, agriculture, traffic, transport, medical, public department and social, media. 
According to the process of data achievement and transmission in IoT the network architecture are divided in 
to three and five layers which are sensing layer, network layer and application layer [11]. Main element 
required for building IoT some of the main elements used for building IoT are, unique identification for each 
smart device, sensing devices, communication, data storage, analytics and visualization. Sensing devices each 
device contains sensing elements which used for different parameter like, sound level, motions, amount air, 
humidity and many more purpose [12]. In sensor network large number of nodes are installed for the 
requirement of interest. These smart sensor nodes are developed with the help of micro electro mechanical 
system and used for required purpose. Unique identification for each smart device IoT consists of unique 
identification number or label which are used to connection or used for uniqueness Ipv4 and ipv6 and other 
protocols are used for communication in IoT. Communication sense device sent data in to data base after 
collection of them through different communication mechanism, like near field communication (NFC), Wi-Fi, 
ultra-wide band (UWB), Z-wave, 3G, 4G, LTE-A data storage and analytics. IoT store large numbers of data 
for different environment and these data need to analysis then after they forward to data base. For analysis 
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purpose different algorithm and technique are used [13], [14]. Figure 2 presents the IoT structure along with 
communication devices. 
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Figure 2. Structure of IoT [15] 


Cloud computing and IoT are two different technologies with different architecture and characteristics 
both are important part in our life. Cloud computing is new technology that has significantly changed over the 
last decade. The deliveries of virtualized IT resource over the internet are performed with the help of it. These 
services are delivered with the rule of pay and gain on demand with real time service [16]. IoT become the 
next generation of technology it allows billions of internet device are connected and communicate with each 
other with specific rule and regulation it improves the quality of our daily life. Due to the modern world 
requirement these two technologies are merging together and known as cloud IoT paradigm. Cloud computing 
get more attraction and effectiveness due to the Integration with IoT in real world with distributed manner [17]. 
Table 2 shows the difference of both technologies. Table 2 shows the main difference of both technologies 
according to these differences they are managing to work together with specific rules and communication 
devices. 


Table 2. Difference of two technologies 


Cloud IoT Cloud IoT 
Virtual method used Thing are passive Virtual process has large store Thing are real and on demand 
Internet service delay Limited storage capacity Big data need to manage Internet used for access coverage 
Everyone can use resources Big data store Limited computation [18] 


3. INTEGRATION RULE OF CLOUD COMPUTING AND INTERNET OF THING 

After the study of literature, the integration of cloud computing with IoT consists of three steps which 
are minimal integration, partial integration and full integration. In minimal integration strategy this layer 
provided different layer that produce connection with cloud computing and IoT. It allows basic service like 
web, sensing storage and share these can be achieved with the help of these layers [19]. Partial integration in 
this integration not only middleware layer or platform layer are developed it provide smart object service 
provider. Its main role is to provide connection smart device connected with cloud computing and control them 
by multi-tenant approach. This layer provides virtualization for smart device [20]. Figure 3 present the 
integration of cloud computing and IoT [21]. 

The final stage of level integration is known as full integration strategy. This process merges new 
service models that contain or conversional all cloud computing layer. Simple we can say all layer are working 
collectively in this section [22]. Different heterogeneous network and framework and system with different 
patterns of communication like system to system, human to system and system to human. Cloud IoT is new 
birth of technology which service with different application that can impact in different field of 
life [23]. 
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Figure 3. Integration of cloud computing and IoT 


4. SECURITY ISSUES IN INTERNET OF THINGS AND CC 

There is no doubt that the convenience and low cost of cloud computing services have changed our 
daily lives; however, the security issues associated with cloud computing make us vulnerable to cybercrimes 
that happen every day. The occurrence of the IoT has also dramatically altered the appearance of cyber threat. 
Security threats and vulnerabilities of IoT, industrial challenges, main reasons of cyber-attacks, cyber security 
requirement and some cyber security measures [24]. Some of the main security threats of both technologies 
are mention below. Table 3 present the security issue in cloud computing. 


Table 3. Some of the famous attacks on cloud computing 


Attacker name Attacker incidents Consequences Category 
VM rollback Launch brute force attack Cloud infrastructure, access 
attack Damage cloud infrastructure 
Leakage of sensitive information 
Denial of Http-based DDoS Service/hardware unavailability Network, cloud infrastructure 
service Xml-based DDoS Wrapping a malicious code in Xml signature to 
REST based-DDoS gain unauthorized access to information 
Shrew attack 
(light traffic) DoS 
Theft-of Cloud service usage without billing Cloud infrastructure 
service Cloud resource stealing with less/no cost 
Cross VM side Energy consumption User data/information leakage cloud Cloud infrastructure 
channels side channels 
Botnets Stepping stone Unauthorized access to cloud resources Network, cloud 
attack Make cloud system work abnormally infrastructure, access 
Stealing sensitive information 
Phishing Unauthorized access to personal information Cloud infrastructure, 
Installing a malicious code into user computer network, access 
Cloud malware Credential information leakage Cloud infrastructure [25] 
injection User data leakage 


Cloud machine abnormal behavior 
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Malware attacker on VM: VM is one the main element of cloud computing as we know that 
virtualization is important section of cloud computing. When user sent data or request data from VM there will 
be unwanted VM based various or toolkit are used these kind of virus clock the information they sent user to 
VM or servers. Malwares or virus store the information such as registry, system log and security programs 
details. The attacker then used this information to their required goals [26]. Break of isolation: VM work as 
single or group or monitor each other it may affect by the attacker. Remote management vulnerabilities: 
commercial hypervisors normally have the control of management consoles and administrators to manage VM 
Xen for new faculties they may be affect by the attacker with the help of structured query language (SQL) 
injection [27]. Denial of service (DoS) vulnerabilities: in virtualization environment resource such as CPU, 
memory, networks are shared these resources are shared with user. It possible during executation it chance that 
DoS attack during the system when user request for resource then it shows that no resourced available [28]. 
Revert to snapshots problem: snapshot is a mechanism is process in which a administrator make snapshot for 
machine in certain point and to revert to the some security and if need some information the snapshot used 
some time its disabled due to attacker and make issue for the system [29]. Destruction: when the data is no 
more required then it needs destruction the question arises that the data destroy or not because the physical 
characteristic of storage medium the data may be restored [30]. Archival: archival of data deals with the storage 
of data in cloud storage medium where that is store offline or online and can be access able within cloud or 
connected network. Sometime data storage occurs where it may be offline or not connected with the network 
for some time or period of time then the data primary and security issue or threat will be there [31]. Transfer: 
confidentiality and integrity of data are one of the main elements and both must apply any form of data transfer 
process. This process not applies between the enterprise or cloud storage but also apply between different 
storage [32]. Storage: in cloud computing data storage divided into two main environment IaaS environment 
and SaaS environment and different storage setup are used. For data security, reliability, accuracy, backup, and 
data management system need more reliable system [33]. 


5. INTERNET OF THINGS SECURITY ISSUES 

The domains of security attacks on different hybrid device are increasing day by day. The following 
Figure 4 show summaries of attackers. Now a day’s IoT has the most adoption in term of new device connection 
through with the help of internet. Every day these smart devices become under target of attacker they try 
different method to get their required goals. As we know that different layer is there in IoT and attacker target 
these layer [34]. 
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Figure 4. Different attack on IoT devices [35] 
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Physical attacker: in IoT physical attacker means all those attacks which are tamper on hardware 
components and try miss use or de-packaging of chip, layout or damaged physical device. Or may miss user 
the physical components [36]. Threats for application layer: the personalized services based on the needs of 
the users are included in the application layer; e.g. the interface that user can control devices in IoT. Threats in 
this layer mainly target these services as mentioned areas [37]. Sniffer/Loggers are those programs or hacker 
code which user used or attacker can used to hack the system password. The attacker used this kind of code 
used for network traffic. The main goals of this sniffer is to steal password file, like (FTP, e-mail file, email 
text and many other protocols [38]. Injection: when attacker tries to attack on application servers with help of 
some code that is known as injection. This kind of attack are simple and simple code are used they affect the 
data, loss data or corruption and lack of accountability [39]. Social engineering this of attacks are performed 
with the help of social media like chat, email searching and may more. This kind of attacker can affect data 
and system like hardware and software [38]. Distributed DoS (DDoS) it work same as the DoS attack but in 
this same more attacker attack the same target and multiple point and search for same goal [40]. Sessions 
hijacking this kind of attack are performed in authentication session of management. They use personal 
identities or try to hacker the system by getting the person information. These kinds of attack are simple and 
common and attackers can try at any place and any time without problems [41]. Threat of support layer: target 
of threats in support layer is mainly data storage technologies. These threats are discussed are as: tampering 
with data this kind of attack is performed by third party the change or temped data for their personal benefit or 
organization benefit. Data modification took place by any attacker group or their benefit that is known as 
tampering with data [42]. DoS attack as pervious expiation this kind of attacker are also performed in this layer 
also. Unauthorized access different attackers are trying to get data from IoT by try unauthorized access. Threats 
of perception layer: sensor and intelligence embedded technologies including RFID readers, sensors or GPS 
are under threat because of various security flaws. Main threats are discussed area as: spoofing this kind of 
attack are performed with the help of broadcast message and these message are sent to sensor network and it 
make surety like as it is actual message and the attacker get access the senor network and making vulnerable 
to the network [43]. Radios jamming this kind of attack are performed with communication system like 
communication channel, communication method the attacker work as DoS attacker do and this kind of attract 
affect the communication channel [44]. Device tamping in this kind of attack the user capture the sensor node 
or replace the node with other physical device and get total control on the sensor network. Path based DoS 
attack (PDoS) in this type of attack the overpower and path or communication channel. This type of attack are 
performed end to end communication [45]. Centre node destroy in some situation the entire sensor network 
depends on one single node if the centre node destroy the full sensor network fall and the attacker try to damage 
the centre node and make the network fall [46]. Eavesdropping some time the attacker try to sniffs the RFID 
tags and read the basic information and change password or confidential information and the attacker try to get 
important information [47]. Threats of network layer: network layer which is known as the next-generation 
network are exposed to many kinds of threats. Related threats that come from this layer are listed are as: 
selective forwarding in this kind attack some node does not forward message and sent some selectivity drop 
the attracter hake them and they not reply as normal massage and these are called selective forwarding. There 
are different types of selective forwarding attackers and use DoS for forward message traffic system [48]. Sybil 
attack it is clarified as malicious and taking multiple identities for attack one or more place at one or the attacker 
used multiple identities to the node or different nodes and reduce the device capacity or make fault tolerant 
scheme [49]. Wormhole this form of attack make changes in data bit form and change the position of bit of 
data and it make low latency in the network or device. Man—in—middle attack these kinds of attacker make 
eavesdropping and the unauthorized parties check and control all the private message or communication. The 
unauthorized party can even fake the identity of the victim and communicate normally to gain more information 
[50]. Hello—flood attack in this kind of attack the single malicious device sent single message and it replicate 
the message and make multiple messages in this form it attacks on traffic Physical attackers: these types of 
attacks tamper with the hardware components and are relatively harder to perform because it requires expensive 
material. Some examples are de-packaging of chip, layout reconstruction, micro-probing, and particle beam 
techniques [51]. 


6. IMPROVEMENT IN SECURITY ISSUES FOR CC AND INTERNET OF THINGS 

In this section we present those algorithm and technique for improvement of these section improve 
the cloud computing and IoT are mention. Table 4 present those algorithms which are used for different purpose 
in security section for improvement of these techniques improve different section of cloud computing and IoT. 
Table 5 present the different layer of CC and IoT. For protection of these different techniques are used. 
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Table 4. Cryptographic algorithms 


Type Algorithm Purpose 

Hashing SHA-1/SHA-256 Integrality 

Asymmetric key agreement Diffie-hellman (DH) Key agreement 

Symmetric encryption Advanced encryption standard (AES) Confidentiality 

Asymmetric encryption Rivestshamir adelman (RSA)/Elliptic curve cryptography (ECC) Digital signatures, key transport 
AES Confidentiality 
RSA/ECC Digital signatures, key transport 
Diffie-hellman (DH) Key agreement 
SHA-1/SHA-256 Integrality [38] 


Table 5. Layer attacks in CC amd IoT 


Layers Attacks Defenses 

Physical Jamming radio interference Channel surfing, spatial retreat, 
Tampering Priority messages 

MAC Radio interference delayed disclosure of keys tampering Radio interference delayed disclosure of keys 
tamper-proofing, hiding collision, exhaustion, unfairness Tampering tamper-proofing, hiding 

Network Sinkhole Authorization, monitoring, 
Worm/black hole redundancy, encryption, egress filtering, 
Misdirection authorization, monitor 

Transport De-synchronization Client puzzles 
Flooding Authentication 

Application Flooding, overwhelm, reprogram Rate-limiting, authentication [52] 


Table 5 present different layers in CC and IoT where different attacker attached using different 
technique which is mention in Table 5 and for security of these attacks different research improved different 
section taking different algorithm. Table 6 present cloud computing layer and their descriptions. Table 6 present 
the different cloud layer description and the standard rule safe and protect from different attackers. We improve 
different section using and improving these standard technique or algorithms. Table 7 present the different 
attacks which are performed on IoT devices for improvement in these IoT devices different research improving 
algorithm and framework of the devices. 


Table 6. Cloud computing layer description 


Category Description 
Security standards Describes the standards required to take precaution measures in cloud computing in order to prevent attacks. 
It governs the policies of cloud computing for security without compromising reliability and performance. 
Network Involves network attacks such as connection availability, DoS, DDoS, flooding attack, and internet protocol 
vulnerabilities. 
Access control Covers authentication and access control. It captures issues that affect privacy of user information and data 
storage. 


Cloud infrastructure Covers attacks that are specific to the cloud infrastructure (IaaS, PaaS and SaaS) such tampered binaries and 
privileged insiders. 

Data Covers data related security issues including data migration, integrity, confidentiality, and data warehousing 
[53] 


Table 7. Security issues in IoT 


IoT Attack section need improvement IoT Attack section need improvement 
Traffic analysis Traffic analysis countermeasure Countermeasure against jamming Regulated transmitted power 
Countermeasure Countermeasure against Layer Physical layer identification 
eavesdropping 

Countermeasure Countermeasure against sybil Context oriented Traffic analysis, tempering attacks: 
attacks tag modification 

Data oriented Eavesdropping WSN attacks Need improvement 

DoS Need improvement RFID attacks injection [13], [54] Need improvement 


7. CONCLUSION 

Cloud computing provide different type of network where they location different location and produce 
all information to the end user. The cloud computing provides different services to their clients called front end 
and the cloud itself refer as back end that provides such services to the clients. One of the main challenges 
related to cloud computing called data security of multiple clients. One of the critical challenges facing 
interacting with IoT devices is addressing billions of devices (things) around the world, including: computers, 
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tablets, smart phones, wearable devices, sensors and embedded computers, and the main issues is the security 
of these devices. This paper provided review of different security aspects of cloud computing and IoTs at 
different layers and section in the network. In this review paper we have discuss the security aspect of cloud 
and IoT as well as we make the problem formulation of security and future research direction. 
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